Skip to main content
Announcements
Qlik Introduces a New Era of Visualization! READ ALL ABOUT IT
cancel
Showing results for 
Search instead for 
Did you mean: 
NakulanR
Partner - Contributor III
Partner - Contributor III

Is Qlik Replicate affected by CVE-2023-50164 (Apache Struts2 Remote Code Execution vulnerability)

Hi,

 

We would just like to know whether Qlik Replicate (or any other Qlik product) is affected in any way by the recent CVE-2023-50164 vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-50164)

If the most recent releases of Replicate are not affected, is there any chance older versions of Replicate may be affected?

Any feedback is greatly appreciated.

 

Thanks,

Nak

Labels (1)
1 Solution

Accepted Solutions
Dana_Baldwin
Support
Support

Hi @NakulanR 

I could not find mention of this specific CVE, but a search on "Struts" found a case from 5 months ago where we determined that none of the Data Integration products, including Qlik Replicate, use Apache Struts. If you would like an investigation into this specific CVE, please open a support case as we have no method to elevate issues to our internal support team in the Qlik Community forum.

Thanks,

Dana

View solution in original post

3 Replies
Dana_Baldwin
Support
Support

Hi @NakulanR 

I could not find mention of this specific CVE, but a search on "Struts" found a case from 5 months ago where we determined that none of the Data Integration products, including Qlik Replicate, use Apache Struts. If you would like an investigation into this specific CVE, please open a support case as we have no method to elevate issues to our internal support team in the Qlik Community forum.

Thanks,

Dana

NakulanR
Partner - Contributor III
Partner - Contributor III
Author

Thanks @Dana_Baldwin for the prompt reply.

I'll open a support case anyway in case.

 

Regards,

Nak

RichardJoyce
Contributor
Contributor

In terms of software vulnerabilities, keeping your systems up to date with the latest releases and security patches is crucial to mitigate potential risks. Older versions of Replicate may indeed have vulnerabilities, so it's generally a good practice to upgrade to the latest versions for enhanced security.If you're concerned about cybersecurity and compliance, you might want to explore resources about CMMC Level 2. It can provide valuable insights into ensuring the security of your systems.I hope this information helps, and you can find the answers you need regarding the CVE vulnerability and your Qlik products.